Description

wodSSHServer is an SSH Server ActiveX component (but also Telnet Server ActiveX as well) that will give you ability to easily add SSH2 (and SFTP) server capabilities to your application, as well as old TELNET server protocol.

The Problem

wodSSHServer does not validate key exchange algorithm strings supplied by a client. If a client sends a specially crafted key exchange algorithm string to a vulnerable wodSSHServer installation, that attacker may be able to trigger the overflow.

Any application that uses the wodSSHServer ActiveX Component may be affected by this vulnerability. Known instances of this are freeSSHd and freeFTPd, but there may be others.

Note that working exploit code for this vulnerability is publicly available.

Impact

A remote attacker may be able to execute arbitrary code on the server using the wodSSHServer ActiveX component. If that server is running with administrative privileges, the attacker could gain complete control of the system.

Solution

Upgrade

This issue is addressed in wodSSHServer ActiveX component version 1.3.4, freeSSHd version 1.0.10, and freeFTPd version 1.0.11.